A+ 220-1001 Core 2 Domain 2.5
A fraudulent email requesting its recipient to reveal sensitive information (e.g. username and password) used later by an attacker for the purpose of identity theft is an example of:
- Phishing
- Social engineering
An email sent from an unknown source disguised as a trusted source known to the message receiver is an example of:
- Spoofing
- Social engineering
An attack against encrypted data that relies heavily on computing power to check all possible password combinations until the correct one is found is known as:
Brute-force attack
Which password attack takes advantage of a predefined list of words?
Dictionary attack
An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and as a result doesn't have time or resources to handle legitimate requests is called:
DoS attack
What is tailgating?
Gaining unauthorized access to restricted areas by following another person
Which general term is used to describe the process of securing a computer system?
Hardening
What does a rainbow table entry contain?
Hash/Password
Which social engineering attack relies on identity theft?
Impersonation
Which attack relies on intercepting and altering data sent between two networked hosts?
MITM attack
A social engineering technique whereby attackers, under the guise of a legitimate request, attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:
Phishing
A situation in which an unauthorized person can view someone's display or keyboard to learn their password or other confidential information is referred to as:
Shoulder surfing
An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as:
Social engineering
Phishing scams targeting a specific group of people are referred to as:
Spear phishing
As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target.
True
In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.
True
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as pre-admission NAC, where a host must, for example, be virus free or have patches applied before it can be allowed to connect to the network, and/or post-admission NAC, where a host is granted or denied permissions based on its actions after it has been given access to the network.
True
Rainbow tables are lookup tables used to speed up the process of password guessing.
True
The intermediary systems used as a platform for a DDoS attack are often referred to as zombies, and collectively as a botnet.
True
Phishing scams targeting people holding high positions in an organization or business are known as:
Whaling
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:
Zero-day attack